1 /* Copyright (C) 2007-2012 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Anoop Saldanha <anoopsaldanha@gmail.com>
22  * \author Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
23  *
24  */
25 
26 #ifndef __APP_LAYER_SSL_H__
27 #define __APP_LAYER_SSL_H__
28 
29 #include "app-layer-protos.h"
30 #include "app-layer-parser.h"
31 #include "decode-events.h"
32 #include "util-ja3.h"
33 #include "queue.h"
34 
35 enum {
36     /* TLS protocol messages */
37     TLS_DECODER_EVENT_INVALID_SSLV2_HEADER,
38     TLS_DECODER_EVENT_INVALID_TLS_HEADER,
39     TLS_DECODER_EVENT_INVALID_RECORD_VERSION,
40     TLS_DECODER_EVENT_INVALID_RECORD_TYPE,
41     TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE,
42     TLS_DECODER_EVENT_HEARTBEAT,
43     TLS_DECODER_EVENT_INVALID_HEARTBEAT,
44     TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT,
45     TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH,
46     TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH,
47     TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS,
48     TLS_DECODER_EVENT_INVALID_SNI_TYPE,
49     TLS_DECODER_EVENT_INVALID_SNI_LENGTH,
50     TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET,
51     /* Certificates decoding messages */
52     TLS_DECODER_EVENT_INVALID_CERTIFICATE,
53     TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH,
54     TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION,
55     TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL,
56     TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER,
57     TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME,
58     TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE,
59     TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS,
60     TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER,
61     TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT,
62     TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER,
63     TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY,
64     TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED,
65     TLS_DECODER_EVENT_INVALID_SSL_RECORD,
66 };
67 
68 enum {
69     TLS_STATE_IN_PROGRESS = 0,
70     TLS_STATE_CERT_READY = 1,
71     TLS_HANDSHAKE_DONE = 2,
72     TLS_STATE_FINISHED = 3
73 };
74 
75 /* Flag to indicate that server will now on send encrypted msgs */
76 #define SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC   BIT_U32(0)
77 /* Flag to indicate that client will now on send encrypted msgs */
78 #define SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC   BIT_U32(1)
79 #define SSL_AL_FLAG_CHANGE_CIPHER_SPEC          BIT_U32(2)
80 
81 /* SSL related flags */
82 #define SSL_AL_FLAG_SSL_CLIENT_HS               BIT_U32(3)
83 #define SSL_AL_FLAG_SSL_SERVER_HS               BIT_U32(4)
84 #define SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY       BIT_U32(5)
85 #define SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED    BIT_U32(6)
86 #define SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED    BIT_U32(7)
87 #define SSL_AL_FLAG_SSL_NO_SESSION_ID           BIT_U32(8)
88 
89 /* flags specific to detect-ssl-state keyword */
90 #define SSL_AL_FLAG_STATE_CLIENT_HELLO          BIT_U32(9)
91 #define SSL_AL_FLAG_STATE_SERVER_HELLO          BIT_U32(10)
92 #define SSL_AL_FLAG_STATE_CLIENT_KEYX           BIT_U32(11)
93 #define SSL_AL_FLAG_STATE_SERVER_KEYX           BIT_U32(12)
94 #define SSL_AL_FLAG_STATE_UNKNOWN               BIT_U32(13)
95 
96 /* flag to indicate that session is finished */
97 #define SSL_AL_FLAG_STATE_FINISHED              BIT_U32(14)
98 
99 /* flags specific to HeartBeat state */
100 #define SSL_AL_FLAG_HB_INFLIGHT                 BIT_U32(15)
101 #define SSL_AL_FLAG_HB_CLIENT_INIT              BIT_U32(16)
102 #define SSL_AL_FLAG_HB_SERVER_INIT              BIT_U32(17)
103 
104 /* flag to indicate that handshake is done */
105 #define SSL_AL_FLAG_HANDSHAKE_DONE              BIT_U32(18)
106 
107 /* A session ID in the Client Hello message, indicating the client
108    wants to resume a session */
109 #define SSL_AL_FLAG_SSL_CLIENT_SESSION_ID       BIT_U32(19)
110 /* Session resumed without a full handshake */
111 #define SSL_AL_FLAG_SESSION_RESUMED             BIT_U32(20)
112 
113 /* Encountered a supported_versions extension in client hello */
114 #define SSL_AL_FLAG_CH_VERSION_EXTENSION        BIT_U32(21)
115 
116 /* Log the session even without ever seeing a certificate. This is used
117    to log TLSv1.3 sessions. */
118 #define SSL_AL_FLAG_LOG_WITHOUT_CERT            BIT_U32(22)
119 
120 /* Encountered a early data extension in client hello. This extension is
121    used by 0-RTT. */
122 #define SSL_AL_FLAG_EARLY_DATA                  BIT_U32(23)
123 
124 /* config flags */
125 #define SSL_TLS_LOG_PEM                         (1 << 0)
126 
127 /* extensions */
128 #define SSL_EXTENSION_SNI                       0x0000
129 #define SSL_EXTENSION_ELLIPTIC_CURVES           0x000a
130 #define SSL_EXTENSION_EC_POINT_FORMATS          0x000b
131 #define SSL_EXTENSION_SESSION_TICKET            0x0023
132 #define SSL_EXTENSION_EARLY_DATA                0x002a
133 #define SSL_EXTENSION_SUPPORTED_VERSIONS        0x002b
134 
135 /* SNI types */
136 #define SSL_SNI_TYPE_HOST_NAME                  0
137 
138 /* Max string length of the TLS version string */
139 #define SSL_VERSION_MAX_STRLEN 20
140 
141 /* SSL versions.  We'll use a unified format for all, with the top byte
142  * holding the major version and the lower byte the minor version */
143 enum {
144     TLS_VERSION_UNKNOWN = 0x0000,
145     SSL_VERSION_2 = 0x0200,
146     SSL_VERSION_3 = 0x0300,
147     TLS_VERSION_10 = 0x0301,
148     TLS_VERSION_11 = 0x0302,
149     TLS_VERSION_12 = 0x0303,
150     TLS_VERSION_13 = 0x0304,
151     TLS_VERSION_13_DRAFT28 = 0x7f1c,
152     TLS_VERSION_13_DRAFT27 = 0x7f1b,
153     TLS_VERSION_13_DRAFT26 = 0x7f1a,
154     TLS_VERSION_13_DRAFT25 = 0x7f19,
155     TLS_VERSION_13_DRAFT24 = 0x7f18,
156     TLS_VERSION_13_DRAFT23 = 0x7f17,
157     TLS_VERSION_13_DRAFT22 = 0x7f16,
158     TLS_VERSION_13_DRAFT21 = 0x7f15,
159     TLS_VERSION_13_DRAFT20 = 0x7f14,
160     TLS_VERSION_13_DRAFT19 = 0x7f13,
161     TLS_VERSION_13_DRAFT18 = 0x7f12,
162     TLS_VERSION_13_DRAFT17 = 0x7f11,
163     TLS_VERSION_13_DRAFT16 = 0x7f10,
164     TLS_VERSION_13_PRE_DRAFT16 = 0x7f01,
165     TLS_VERSION_13_DRAFT20_FB = 0xfb14,
166     TLS_VERSION_13_DRAFT21_FB = 0xfb15,
167     TLS_VERSION_13_DRAFT22_FB = 0xfb16,
168     TLS_VERSION_13_DRAFT23_FB = 0xfb17,
169     TLS_VERSION_13_DRAFT26_FB = 0xfb1a,
170 };
171 
172 typedef struct SSLCertsChain_ {
173     uint8_t *cert_data;
174     uint32_t cert_len;
175     TAILQ_ENTRY(SSLCertsChain_) next;
176 } SSLCertsChain;
177 
178 
179 typedef struct SSLStateConnp_ {
180     /* record length */
181     uint32_t record_length;
182     /* record length's length for SSLv2 */
183     uint32_t record_lengths_length;
184 
185     /* offset of the beginning of the current message (including header) */
186     uint32_t message_start;
187     uint32_t message_length;
188 
189     uint16_t version;
190     uint8_t content_type;
191 
192     uint8_t handshake_type;
193     uint32_t handshake_length;
194 
195     /* the no of bytes processed in the currently parsed record */
196     uint32_t bytes_processed;
197     /* the no of bytes processed in the currently parsed handshake */
198     uint16_t hs_bytes_processed;
199 
200     uint16_t session_id_length;
201 
202     char *cert0_subject;
203     char *cert0_issuerdn;
204     char *cert0_serial;
205     time_t cert0_not_before;
206     time_t cert0_not_after;
207     char *cert0_fingerprint;
208 
209     /* ssl server name indication extension */
210     char *sni;
211 
212     char *session_id;
213 
214     TAILQ_HEAD(, SSLCertsChain_) certs;
215 
216     uint32_t cert_log_flag;
217 
218     JA3Buffer *ja3_str;
219     char *ja3_hash;
220 
221     /* buffer for the tls record.
222      * We use a malloced buffer, if the record is fragmented */
223     uint8_t *trec;
224     uint32_t trec_len;
225     uint32_t trec_pos;
226 } SSLStateConnp;
227 
228 /**
229  * \brief SSLv[2.0|3.[0|1|2|3]] state structure.
230  *
231  *        Structure to store the SSL state values.
232  */
233 typedef struct SSLState_ {
234     Flow *f;
235 
236     AppLayerTxData tx_data;
237 
238     /* holds some state flags we need */
239     uint32_t flags;
240 
241     /* there might be a better place to store this*/
242     uint16_t hb_record_len;
243 
244     uint16_t events;
245 
246     uint32_t current_flags;
247 
248     SSLStateConnp *curr_connp;
249 
250     SSLStateConnp client_connp;
251     SSLStateConnp server_connp;
252 
253     DetectEngineState *de_state;
254     AppLayerDecoderEvents *decoder_events;
255 } SSLState;
256 
257 void RegisterSSLParsers(void);
258 void SSLParserRegisterTests(void);
259 void SSLSetEvent(SSLState *ssl_state, uint8_t event);
260 void SSLVersionToString(uint16_t, char *);
261 void SSLEnableJA3(void);
262 bool SSLJA3IsEnabled(void);
263 
264 #endif /* __APP_LAYER_SSL_H__ */
265